[Bug 18085] "all content using the http+aes scheme on the same host (and same port) shares the same origin and can therefore leak the keys" - unless there's a use case for supporting this, it seems more robust to make http(s)+aes never be same-origin

https://www.w3.org/Bugs/Public/show_bug.cgi?id=18085

Michael[tm] Smith <mike@w3.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WORKSFORME

--- Comment #1 from Michael[tm] Smith <mike@w3.org> ---
The http+aes scheme/feature is not part of the W3C HTML5 spec and has also been
dropped from the upstream WHATWG HTML spec.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Monday, 22 October 2012 07:32:47 UTC